AP setup, no IP in guest WiFi

Hi folks, I need some help with this one.
I have a router and an AP set up with the latest firmware and configured them to extend my WiFi coverage.
The AP is an EAP-225 Outdoor running the latest snapshot.
OpenWrt SNAPSHOT r17321-5c88bf896e / LuCI Master git-21.223.61040-6045f58
The second device is a TP-Link TL-WDR4900 v1.
OpenWrt 19.07.8 r11364-ef56c85848 / LuCI openwrt-19.07 branch git-21.189.23240-7b931da

The dumb AP settings are working fine on both devices with regard to my private WiFi.
But I have trouble getting the guest WiFi to work.
I basically used the guide in the documentation section.

I checked other sources also but whatever I try, It's not working so far.

I can see the guest WiFi on my mobile devices and I can connect but IP lease is not working reliably.
Additionally very confusing: During my trials I managed to get an IP maybe twice!
But in general it gets stuck at "Obtaining IP Address..."
This happens exactly the same on both devices.

In this post, user @mpa states " dnsmasq must be running since the dumb AP is serving DHCP for the guest network."

service dnsmasq status returns "running"

I appreciate a review of the settings and some ideas what might be wrong.

Here are my settings:
etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.158.15'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option peerdns '0'
        option dhcpv6 'disabled'
        option ipv6 '0'
        list dns '192.168.158.7'

config route 'net'
        option interface 'lan'
        option target '0.0.0.0/0'
        option netmask '255.255.255.0'
        option gateway '192.168.158.1'

config device
        option name 'wlan0'
        option ipv6 '0'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'wlan0-1'
        option ipv6 '0'

config device
        option name 'wlan1'
        option ipv6 '0'

config device
        option name 'wlan1-1'
        option ipv6 '0'

config interface 'gast'
        option proto 'static'
        option delegate '0'
        list ipaddr '192.168.178.15/24'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option band '5g'
        option htmode 'VHT80'
        option channel 'auto'
        option country 'DE'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option band '2g'
        option country 'DE'
        option cell_density '0'
        option htmode 'HT40'
        option channel 'auto'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'PRIVATE'
        option encryption 'psk2'
        option key 'other_pass'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'PRIVATE'
        option encryption 'psk2'
        option key 'other_pass'
        option network 'lan'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'GUEST'
        option encryption 'psk2'
        option key 'my_pass'
        option network 'gast'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'GUEST'
        option encryption 'psk2'
        option key 'my_pass'
        option network 'gast'

/etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '1'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config zone
        option name 'gast'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'gast'
        option input 'REJECT'
        option family 'ipv4'

config forwarding
        option src 'gast'
        option dest 'lan'

config rule
        option name 'Gast DHCP'
        option src 'gast'
        option dest_port '67-68'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'udp'

config rule
        option name 'Gast DNS'
        option src 'gast'
        option dest_port '53'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option src 'gast'
        option dest 'lan'
        list dest_ip '192.168.158.0/24'
        option target 'DROP'
        option family 'ipv4'
        option name 'Gast block nach Privat'
        list proto 'all'

config rule
        option family 'ipv4'
        option src 'gast'
        option target 'DROP'
        option name 'Gast block AP-Config GUI+SSH'
        option dest_port '80 22'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'
        option ra_slaac '0'
        option dns_service '0'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'glan'
        option interface 'glan'
        option ignore '1'
        list ra_flags 'none'

config dhcp 'gast'
        option interface 'gast'
        option start '100'
        option netmask '255.255.255.0'
        option leasetime '6h'
        option limit '20'
        list ra_flags 'none'

There are several things wrong in that config. Since you have two APs on the gast network, it needs to be a bridge. The way it is now, one of the guest APs will not have a network behind it, if your user prefers to connect to that one it will never get any communication. Also option netmask doesn't belong in the DHCP config (dnsmasq probes the interface config to inherit IP parameters like that).

Thank you for your assistance mk24.

  1. two APs on the gast network.
    Understood. In that case the documentation doesn't exactly fit my needs.
    I created a bridge interface instead and assigned the wifi networks accordingly.
    Modification of /etc/config/network only didn't work as expected.
    The bridge wouldn't connect for some reason.

  2. I removed the netmask in the DHCP config.
    It seems that was the issue. It worked even without the bridged interface - on one wifi network as you stated.

Now I can finally switch between private and guest WiFi without problems.
I will do some more testing tomorrow (later today).

In the old syntax you would just add option type bridge to the config interface gast block in /etc/config/network.

The new syntax for 21.02.rc4 or trunk separates the bridge creation from the layer 3 network. However in /etc/config/wireless you still use option network gast to connect the AP to the guest network (not br-gast):

config device
    option name 'br-gast'
    option type 'bridge'

config interface 'gast'
    option device 'br-gast'
    option proto 'static'
    option ipaddr '192.168.178.1/24'

While the EAP225 AP is working well, the WDR4900 AP setup seems not yet optimal.
The DHCP IP lease works but there is no internet connection.
What part of the config shall I post for inspection?

Edit:
I have tried another smartphone and this one gets internet access. I checked the associated stations list and both devices were using the same network.

Conclude, it must be another kind of issue then misconfiguration of the AP.
But, on the other hand, I wonder why the connection to the private wifi is working without problems?
It's always the same 2.4GHz radio that is used (Generic MAC80211 802.11bgn).
Private wifi is OK, gast wifi no internet.
Any idea?

Did you ever find a solution?

I am stumbling over the same issue: no IP address in the guest network interface on the accesspoint.